Add CI workflow to check for unapproved Go dependency licenses #4

Merged
merged 1 commit into from
Jul 12, 2023

MatteoPologruto
Contributor

A task and GitHub Actions workflow are provided here for checking the license types of Go project dependencies.

On every push and pull request that affects relevant files, the CI workflow will use Licensed to check:

  • If the dependency licenses cache is up to date
  • If any of the project's dependencies have an unapproved license type.

Approval can be based on:

- Universally allowed license type
- Individual dependency
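
A minimal Licensed configuration showing the two approval routes listed above, added here as an illustration and not taken from this repository. The cache path, the allowed license list and the dependency name are assumptions.

```yaml
# .licensed.yml (constructed example, not this project's file)

# Enumerate dependencies from the Go module only.
sources:
  go: true

# Directory holding the cached license metadata that is committed to the
# repository. CI compares it against the current dependency set, which is
# the "cache is up to date" check.
cache_path: .licenses/

apps:
  - source_path: ./

# Route 1: universally allowed license types (SPDX identifiers, lowercase).
# Any dependency whose detected license is in this list passes.
allowed:
  - apache-2.0
  - bsd-2-clause
  - bsd-3-clause
  - isc
  - mit

# Route 2: individual dependencies approved after manual review, for
# licenses that are not on the allowed list or could not be detected.
reviewed:
  go:
    # Hypothetical module path; replace with the reviewed dependency.
    - example.com/constructed/dependency
```

With a file like this, `licensed cache` refreshes the cached metadata and `licensed status` fails when a cached record is stale or a dependency is neither allowed nor reviewed.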
@MatteoPologruto MatteoPologruto merged commit edb19a7 into boostrap Jul 12, 2023
@MatteoPologruto MatteoPologruto deleted the check-go-deps branch July 12, 2023 14:55
alessio-perugini added a commit that referenced this pull request Jul 13, 2023
* bootstrap

* use arduino-cli executils

* handle HID port address in get version

* improve the flash output messages

* update relaxed-semver and the plugin-helper

* use FindToolPath func to find espflash binary

* update .gitignore

* add commands sketches to control reboot and version

* handle new way to reboot the board

* use bcmi-labs/hid fork

* remove tmp files

* update .gitignore

* use commands sketch to retrieve board version

* refactor HID logic

* add missing modem.begin()

* update helper deps that fixes the proper tools discovery path

* use espflash write-bin command to flash the firmware

* add a small information message before the flash step

* add taskfile + dist templates

* fix CR

* better error handling

* fix changing serial port after going in esp mode

* rename some serial pkg types

* add some comments in reboot function

* Add PemToCrt function

* Use PemToCrt function in UploadCertificate

* add padding

* remove LICENSE in favor of LICENSE.txt

* update commands.ino to send multiple commands

* reboot logic now reads the fw version to decide which logic to apply

* add logging

* add slog license files

* add go.work.sum to .gitignore

* fix a panic when the serial port is busy

* update the helper pkg (adds: fqbn and logging)

* add license headers to *.go files

* comment public exported function of serial and serial/utils pkg

* Add CI workflow to check for unapproved Go dependency licenses (#4)

A task and GitHub Actions workflow are provided here for checking the license types of Go project dependencies.

On every push and pull request that affects relevant files, the CI workflow will check:

- If the dependency licenses cache is up to date
- If any of the project's dependencies have an unapproved license type.

Approval can be based on:

- Universally allowed license type
- Individual dependency

* Add CI workflow to lint and check formatting of Go code (#3)

* Add CI workflow to lint and check formatting of Go code

On every push and pull request that affects relevant files, check the Go module for:

- Common detectable errors in the code.
- Use of outdated APIs
- Code style violations
- Code formatting inconsistency
- Misconfiguration

* Order tasks alphabetically

* Run go mod tidy

* Add CI workflow to publish releases (#2)

* Add CI workflow to publish releases

On every push of a tag named with a version format:

- Build the project for all supported platforms.
- Sign and notarize the macOS builds.
- Create a GitHub release.
  - Builds and checksums are attached as release assets
  - A changelog generated from the commit history is added to the release description
  - If the tag has a pre-release version suffix, the GitHub release will be marked as a pre-release.
- Upload the builds to Arduino's downloads server.

* fix `Taskfile.yml` file

* add package index generation like in the fwuploader

* add top level dir in the archive

* fix typos

* fix possible infinite loop when parsing invalid pem content

---------

Co-authored-by: MatteoPologruto <m.pologruto@ext.arduino.cc>
Co-authored-by: MatteoPologruto <109663225+MatteoPologruto@users.noreply.github.com>
Co-authored-by: Umberto Baldi <34278123+umbynos@users.noreply.github.com>
Labels
type: enhancement Proposed improvement